/** * Calculate a RespID based on the public key of the responder. * * @param subjectPublicKeyInfo the info structure for the responder public key. * @param digCalc a SHA-1 digest calculator. * @throws OCSPException on exception creating ID. */ public RespID( SubjectPublicKeyInfo subjectPublicKeyInfo, DigestCalculator digCalc) throws OCSPException { try { if (!digCalc.getAlgorithmIdentifier().equals(HASH_SHA1)) { throw new IllegalArgumentException("only SHA-1 can be used with RespID"); } OutputStream digOut = digCalc.getOutputStream(); digOut.write(subjectPublicKeyInfo.getPublicKeyData().getBytes()); digOut.close(); this.id = new ResponderID(new DEROctetString(digCalc.getDigest())); } catch (Exception e) { throw new OCSPException("problem creating ID: " + e, e); } }
public ASN1Primitive toASN1Primitive() { ASN1EncodableVector v = new ASN1EncodableVector(); // encode <oidString> v.add(oid); // encode <n> v.add(new ASN1Integer(n)); // encode <t> v.add(new ASN1Integer(t)); // encode <matrixG> v.add(new DEROctetString(matrixG)); return new DERSequence(v); }
public int generateBytes(byte[] out, int outOff, int len) throws DataLengthException, IllegalArgumentException { // TODO Create an ASN.1 class for this (RFC3278) // ECC-CMS-SharedInfo ASN1EncodableVector v = new ASN1EncodableVector(); v.add(new AlgorithmIdentifier(algorithm, DERNull.INSTANCE)); v.add(new DERTaggedObject(true, 2, new DEROctetString(Pack.intToBigEndian(keySize)))); try { kdf.init(new KDFParameters(z, new DERSequence(v).getEncoded(ASN1Encoding.DER))); } catch (IOException e) { throw new IllegalArgumentException("unable to initialise kdf: " + e.getMessage()); } return kdf.generateBytes(out, outOff, len); }
public ECPrivateKey( BigInteger key, DERBitString publicKey, ASN1Object parameters) { byte[] bytes = BigIntegers.asUnsignedByteArray(key); ASN1EncodableVector v = new ASN1EncodableVector(); v.add(new ASN1Integer(1)); v.add(new DEROctetString(bytes)); if (parameters != null) { v.add(new DERTaggedObject(true, 0, parameters)); } if (publicKey != null) { v.add(new DERTaggedObject(true, 1, publicKey)); } seq = new DERSequence(v); }
public ECPrivateKeyStructure( BigInteger key, DERBitString publicKey, ASN1Encodable parameters) { byte[] bytes = BigIntegers.asUnsignedByteArray(key); ASN1EncodableVector v = new ASN1EncodableVector(); v.add(new ASN1Integer(1)); v.add(new DEROctetString(bytes)); if (parameters != null) { v.add(new DERTaggedObject(true, 0, parameters)); } if (publicKey != null) { v.add(new DERTaggedObject(true, 1, publicKey)); } seq = new DERSequence(v); }
/** * create an AuthorityKeyIdentifier with the GeneralNames tag and * the serial number provided as well. */ public AuthorityKeyIdentifier( SubjectPublicKeyInfo spki, GeneralNames name, BigInteger serialNumber) { Digest digest = new SHA1Digest(); byte[] resBuf = new byte[digest.getDigestSize()]; byte[] bytes = spki.getPublicKeyData().getBytes(); digest.update(bytes, 0, bytes.length); digest.doFinal(resBuf, 0); this.keyidentifier = new DEROctetString(resBuf); this.certissuer = GeneralNames.getInstance(name.toASN1Primitive()); this.certserno = new ASN1Integer(serialNumber); }
private static ASN1Sequence createReasonExtension(int reasonCode) { ASN1EncodableVector v = new ASN1EncodableVector(); CRLReason crlReason = CRLReason.lookup(reasonCode); try { v.add(Extension.reasonCode); v.add(new DEROctetString(crlReason.getEncoded())); } catch (IOException e) { throw new IllegalArgumentException("error encoding reason: " + e); } return new DERSequence(v); }
private static ASN1Sequence createInvalidityDateExtension(ASN1GeneralizedTime invalidityDate) { ASN1EncodableVector v = new ASN1EncodableVector(); try { v.add(Extension.invalidityDate); v.add(new DEROctetString(invalidityDate.getEncoded())); } catch (IOException e) { throw new IllegalArgumentException("error encoding reason: " + e); } return new DERSequence(v); }
public ASN1Primitive toASN1Primitive() { ASN1EncodableVector v = new ASN1EncodableVector(); v.add(algId); v.add(new DEROctetString(digest)); return new DERSequence(v); }
public ASN1EncodableVector getASN1EncodableVector(ASN1ObjectIdentifier oid, boolean publicPointOnly) { ASN1EncodableVector v = new ASN1EncodableVector(); v.add(oid); if (!publicPointOnly) { v.add(new UnsignedInteger(0x01, getPrimeModulusP())); v.add(new UnsignedInteger(0x02, getFirstCoefA())); v.add(new UnsignedInteger(0x03, getSecondCoefB())); v.add(new DERTaggedObject(false, 0x04, new DEROctetString(getBasePointG()))); v.add(new UnsignedInteger(0x05, getOrderOfBasePointR())); } v.add(new DERTaggedObject(false, 0x06, new DEROctetString(getPublicPointY()))); if (!publicPointOnly) { v.add(new UnsignedInteger(0x07, getCofactorF())); } return v; }
public ASN1Primitive toASN1Primitive() { ASN1EncodableVector v = new ASN1EncodableVector(); v.add(certificateBody); try { v.add(new DERApplicationSpecific(false, EACTags.STATIC_INTERNAL_AUTHENTIFICATION_ONE_STEP, new DEROctetString(innerSignature))); } catch (IOException e) { throw new IllegalStateException("unable to convert signature!"); } return new DERApplicationSpecific(EACTags.CARDHOLDER_CERTIFICATE, v); }
/** * @see org.bouncycastle.asn1.ASN1Object#toASN1Primitive() */ public ASN1Primitive toASN1Primitive() { ASN1EncodableVector v = new ASN1EncodableVector(); if (valid != (signValid | bodyValid)) { return null; } v.add(certificateBody); try { v.add(new DERApplicationSpecific(false, EACTags.STATIC_INTERNAL_AUTHENTIFICATION_ONE_STEP, new DEROctetString(signature))); } catch (IOException e) { throw new IllegalStateException("unable to convert signature!"); } return new DERApplicationSpecific(EACTags.CARDHOLDER_CERTIFICATE, v); }
public ASN1Primitive toASN1Primitive() { ASN1EncodableVector v = new ASN1EncodableVector(); if (namedCurve != null) { v.add(namedCurve); } else { v.add(ecbinary); } if (!org.bouncycastle.util.Arrays.areEqual(dke, DEFAULT_DKE)) { v.add(new DEROctetString(dke)); } return new DERSequence(v); }
public DSTU4145ECBinary(ECDomainParameters params) { if (!(params.getCurve() instanceof ECCurve.F2m)) { throw new IllegalArgumentException("only binary domain is possible"); } // We always use big-endian in parameter encoding ECCurve.F2m curve = (ECCurve.F2m)params.getCurve(); f = new DSTU4145BinaryField(curve.getM(), curve.getK1(), curve.getK2(), curve.getK3()); a = new ASN1Integer(curve.getA().toBigInteger()); X9IntegerConverter converter = new X9IntegerConverter(); b = new DEROctetString(converter.integerToBytes(curve.getB().toBigInteger(), converter.getByteLength(curve))); n = new ASN1Integer(params.getN()); bp = new DEROctetString(DSTU4145PointEncoder.encodePoint(params.getG())); }
@Override protected byte[] digestSecretKey0(long mechanism) throws P11TokenException { Asn1P11EntityIdentifier asn1EntityId = new Asn1P11EntityIdentifier(identityId); Asn1DigestSecretKeyTemplate template = new Asn1DigestSecretKeyTemplate( asn1EntityId, mechanism); byte[] result = ((ProxyP11Slot) slot).module().send( P11ProxyConstants.ACTION_DIGEST_SECRETKEY, template); ASN1OctetString octetString; try { octetString = DEROctetString.getInstance(result); } catch (IllegalArgumentException ex) { throw new P11TokenException("the returned result is not OCTET STRING"); } return (octetString == null) ? null : octetString.getOctets(); }
protected byte[] engineSign() throws SignatureException { byte[] hash = new byte[digest.getDigestSize()]; digest.doFinal(hash, 0); try { BigInteger[] sig = signer.generateSignature(hash); byte[] r = sig[0].toByteArray(); byte[] s = sig[1].toByteArray(); byte[] sigBytes = new byte[(r.length > s.length ? r.length * 2 : s.length * 2)]; System.arraycopy(s, 0, sigBytes, (sigBytes.length / 2) - s.length, s.length); System.arraycopy(r, 0, sigBytes, sigBytes.length - r.length, r.length); return new DEROctetString(sigBytes).getEncoded(); } catch (Exception e) { throw new SignatureException(e.toString()); } }
/** * Return the PKCS#1 ASN.1 structure RSAES-OAEP-params. */ protected byte[] engineGetEncoded() { AlgorithmIdentifier hashAlgorithm = new AlgorithmIdentifier( DigestFactory.getOID(currentSpec.getDigestAlgorithm()), DERNull.INSTANCE); MGF1ParameterSpec mgfSpec = (MGF1ParameterSpec)currentSpec.getMGFParameters(); AlgorithmIdentifier maskGenAlgorithm = new AlgorithmIdentifier( PKCSObjectIdentifiers.id_mgf1, new AlgorithmIdentifier(DigestFactory.getOID(mgfSpec.getDigestAlgorithm()), DERNull.INSTANCE)); PSource.PSpecified pSource = (PSource.PSpecified)currentSpec.getPSource(); AlgorithmIdentifier pSourceAlgorithm = new AlgorithmIdentifier( PKCSObjectIdentifiers.id_pSpecified, new DEROctetString(pSource.getValue())); RSAESOAEPparams oaepP = new RSAESOAEPparams(hashAlgorithm, maskGenAlgorithm, pSourceAlgorithm); try { return oaepP.getEncoded(ASN1Encoding.DER); } catch (IOException e) { throw new RuntimeException("Error encoding OAEPParameters"); } }
/** * in the absence of a standard way of doing it this will do for * now... */ protected byte[] engineGetEncoded() { try { ASN1EncodableVector v = new ASN1EncodableVector(); v.add(new DEROctetString(currentSpec.getDerivationV())); v.add(new DEROctetString(currentSpec.getEncodingV())); v.add(new DERInteger(currentSpec.getMacKeySize())); return new DERSequence(v).getEncoded(ASN1Encoding.DER); } catch (IOException e) { throw new RuntimeException("Error encoding IESParameters"); } }
public RespID( PublicKey key) throws OCSPException { try { // TODO Allow specification of a particular provider MessageDigest digest = OCSPUtil.createDigestInstance("SHA1", null); ASN1InputStream aIn = new ASN1InputStream(key.getEncoded()); SubjectPublicKeyInfo info = SubjectPublicKeyInfo.getInstance(aIn.readObject()); digest.update(info.getPublicKeyData().getBytes()); ASN1OctetString keyHash = new DEROctetString(digest.digest()); this.id = new ResponderID(keyHash); } catch (Exception e) { throw new OCSPException("problem creating ID: " + e, e); } }
private static ASN1Set buildSignedAttributes(byte[] hash, Date dateTime, X509Certificate cert) throws Exception { ASN1EncodableVector v = new ASN1EncodableVector(); v.add(new Attribute(CMSAttributes.contentType, new DERSet(PKCSObjectIdentifiers.data))); if (dateTime != null) v.add(new Attribute(CMSAttributes.signingTime, new DERSet(new Time(dateTime)))); v.add(new Attribute(CMSAttributes.messageDigest, new DERSet(new DEROctetString(hash)))); // CADES support section ASN1EncodableVector aaV2 = new ASN1EncodableVector(); AlgorithmIdentifier algoId = new AlgorithmIdentifier(new ASN1ObjectIdentifier(CMSSignedDataGenerator.DIGEST_SHA256), null); aaV2.add(algoId); byte[] dig = SignUtils.calculateHASH(CMSSignedDataGenerator.DIGEST_SHA256, cert.getEncoded()); aaV2.add(new DEROctetString(dig)); Attribute cades = new Attribute(PKCSObjectIdentifiers.id_aa_signingCertificateV2, new DERSet(new DERSequence(new DERSequence(new DERSequence(aaV2))))); v.add(cades); ASN1Set signedAttributes = new DERSet(v); return signedAttributes; }
public RC2CBCParameter( int parameterVersion, byte[] iv) { this.version = new DERInteger(parameterVersion); this.iv = new DEROctetString(iv); }
public PKCS12PBEParams( byte[] salt, int iterations) { this.iv = new DEROctetString(salt); this.iterations = new DERInteger(iterations); }
public PBKDF2Params( byte[] salt, int iterationCount) { this.octStr = new DEROctetString(salt); this.iterationCount = new DERInteger(iterationCount); }
private static CertID createCertID(DigestCalculator digCalc, X509CertificateHolder issuerCert, ASN1Integer serialNumber) throws OCSPException { try { OutputStream dgOut = digCalc.getOutputStream(); dgOut.write(issuerCert.toASN1Structure().getSubject().getEncoded(ASN1Encoding.DER)); dgOut.close(); ASN1OctetString issuerNameHash = new DEROctetString(digCalc.getDigest()); SubjectPublicKeyInfo info = issuerCert.getSubjectPublicKeyInfo(); dgOut = digCalc.getOutputStream(); dgOut.write(info.getPublicKeyData().getBytes()); dgOut.close(); ASN1OctetString issuerKeyHash = new DEROctetString(digCalc.getDigest()); return new CertID(digCalc.getAlgorithmIdentifier(), issuerNameHash, issuerKeyHash, serialNumber); } catch (Exception e) { throw new OCSPException("problem creating ID: " + e, e); } }
public ASN1Primitive toASN1Primitive() { ASN1EncodableVector v = new ASN1EncodableVector(); v.add(version); v.add(new DEROctetString(publicKey)); return new DERSequence(v); }
public ASN1Primitive toASN1Primitive() { ASN1EncodableVector v = new ASN1EncodableVector(); // encode <oidString> v.add(oid); // encode <n> v.add(new ASN1Integer(n)); // encode <k> v.add(new ASN1Integer(k)); // encode <field> v.add(new DEROctetString(encField)); // encode <gp> v.add(new DEROctetString(encGp)); // encode <p> v.add(new DEROctetString(encP)); // encode <h> v.add(new DEROctetString(encH)); // encode <q> ASN1EncodableVector asnQInv = new ASN1EncodableVector(); for (int i = 0; i < encqInv.length; i++) { asnQInv.add(new DEROctetString(encqInv[i])); } v.add(new DERSequence(asnQInv)); return new DERSequence(v); }
/** * Add a SafeBag that is to be included as is. * * @param data the SafeBag to add. * @return this builder. * @throws IOException */ public PKCS12PfxPduBuilder addData(PKCS12SafeBag data) throws IOException { dataVector.add(new ContentInfo(PKCSObjectIdentifiers.data, new DEROctetString(new DLSequence(data.toASN1Structure()).getEncoded()))); return this; }
/** * Build the Pfx structure, protecting it with a MAC calculated against the passed in password. * * @param macCalcBuilder a builder for a PKCS12 mac calculator. * @param password the password to use. * @return a Pfx object. * @throws PKCSException on a encoding or processing error. */ public PKCS12PfxPdu build(PKCS12MacCalculatorBuilder macCalcBuilder, char[] password) throws PKCSException { AuthenticatedSafe auth = AuthenticatedSafe.getInstance(new DLSequence(dataVector)); byte[] encAuth; try { encAuth = auth.getEncoded(); } catch (IOException e) { throw new PKCSException("unable to encode AuthenticatedSafe: " + e.getMessage(), e); } ContentInfo mainInfo = new ContentInfo(PKCSObjectIdentifiers.data, new DEROctetString(encAuth)); MacData mData = null; if (macCalcBuilder != null) { MacDataGenerator mdGen = new MacDataGenerator(macCalcBuilder); mData = mdGen.build(password, encAuth); } // // output the Pfx // Pfx pfx = new Pfx(mainInfo, mData); return new PKCS12PfxPdu(pfx); }
private Asn1P11Params(ASN1TaggedObject taggedObject) throws BadAsn1ObjectException { this.tagNo = taggedObject.getTagNo(); if (tagNo == 0) { this.p11Params = Asn1RSAPkcsPssParams.getInstance(taggedObject.getObject()); } else if (tagNo == 1) { this.p11Params = DEROctetString.getInstance(taggedObject.getObject()); } else { throw new BadAsn1ObjectException("invalid tag " + tagNo); } }
public ECPrivateKey( BigInteger key) { byte[] bytes = BigIntegers.asUnsignedByteArray(key); ASN1EncodableVector v = new ASN1EncodableVector(); v.add(new ASN1Integer(1)); v.add(new DEROctetString(bytes)); seq = new DERSequence(v); }
public ECPrivateKeyStructure( BigInteger key) { byte[] bytes = BigIntegers.asUnsignedByteArray(key); ASN1EncodableVector v = new ASN1EncodableVector(); v.add(new ASN1Integer(1)); v.add(new DEROctetString(bytes)); seq = new DERSequence(v); }
/** * Add an extension with the given oid and the passed in byte array to be wrapped in the * OCTET STRING associated with the extension. * * @param oid OID for the extension. * @param critical true if critical, false otherwise. * @param value the byte array to be wrapped. */ public void addExtension( ASN1ObjectIdentifier oid, boolean critical, byte[] value) { if (extensions.containsKey(oid)) { throw new IllegalArgumentException("extension " + oid + " already added"); } extOrdering.addElement(oid); extensions.put(oid, new X509Extension(critical, new DEROctetString(value))); }
/** * create an AuthorityKeyIdentifier with a precomputed key identifier */ public AuthorityKeyIdentifier( byte[] keyIdentifier) { this.keyidentifier = new DEROctetString(keyIdentifier); this.certissuer = null; this.certserno = null; }
/** * create an AuthorityKeyIdentifier with a precomputed key identifier * and the GeneralNames tag and the serial number provided as well. */ public AuthorityKeyIdentifier( byte[] keyIdentifier, GeneralNames name, BigInteger serialNumber) { this.keyidentifier = new DEROctetString(keyIdentifier); this.certissuer = GeneralNames.getInstance(name.toASN1Primitive()); this.certserno = new ASN1Integer(serialNumber); }
/** * Add an extension with the given oid and the passed in byte array to be wrapped in the * OCTET STRING associated with the extension. * * @param oid OID for the extension. * @param critical true if critical, false otherwise. * @param value the byte array to be wrapped. */ public void addExtension( ASN1ObjectIdentifier oid, boolean critical, byte[] value) { if (extensions.containsKey(oid)) { throw new IllegalArgumentException("extension " + oid + " already added"); } extOrdering.addElement(oid); extensions.put(oid, new Extension(oid, critical, new DEROctetString(value))); }
/** * Create a GeneralName for the given tag from the passed in String. * <p> * This constructor can handle: * <ul> * <li>rfc822Name * <li>iPAddress * <li>directoryName * <li>dNSName * <li>uniformResourceIdentifier * <li>registeredID * </ul> * For x400Address, otherName and ediPartyName there is no common string * format defined. * <p> * Note: A directory name can be encoded in different ways into a byte * representation. Be aware of this if the byte representation is used for * comparing results. * * @param tag tag number * @param name string representation of name * @throws IllegalArgumentException if the string encoding is not correct or * not supported. */ public GeneralName( int tag, String name) { this.tag = tag; if (tag == rfc822Name || tag == dNSName || tag == uniformResourceIdentifier) { this.obj = new DERIA5String(name); } else if (tag == registeredID) { this.obj = new ASN1ObjectIdentifier(name); } else if (tag == directoryName) { this.obj = new X500Name(name); } else if (tag == iPAddress) { byte[] enc = toGeneralNameEncoding(name); if (enc != null) { this.obj = new DEROctetString(enc); } else { throw new IllegalArgumentException("IP Address is invalid"); } } else { throw new IllegalArgumentException("can't process String for tag: " + tag); } }
public Extension( ASN1ObjectIdentifier extnId, boolean critical, byte[] value) { this(extnId, critical, new DEROctetString(value)); }
public ECDSAPublicKey(ASN1ObjectIdentifier usage, BigInteger p, BigInteger a, BigInteger b, byte[] basePoint, BigInteger order, byte[] publicPoint, int cofactor) { this.usage = usage; setPrimeModulusP(p); setFirstCoefA(a); setSecondCoefB(b); setBasePointG(new DEROctetString(basePoint)); setOrderOfBasePointR(order); setPublicPointY(new DEROctetString(publicPoint)); setCofactorF(BigInteger.valueOf(cofactor)); }
/** * builds an Iso7816CertificateBody by settings each parameters. * * @param certificateProfileIdentifier * @param certificationAuthorityReference * * @param publicKey * @param certificateHolderReference * @param certificateHolderAuthorization * @param certificateEffectiveDate * @param certificateExpirationDate * @throws IOException */ public CertificateBody( DERApplicationSpecific certificateProfileIdentifier, CertificationAuthorityReference certificationAuthorityReference, PublicKeyDataObject publicKey, CertificateHolderReference certificateHolderReference, CertificateHolderAuthorization certificateHolderAuthorization, PackedDate certificateEffectiveDate, PackedDate certificateExpirationDate ) { setCertificateProfileIdentifier(certificateProfileIdentifier); setCertificationAuthorityReference(new DERApplicationSpecific( EACTags.ISSUER_IDENTIFICATION_NUMBER, certificationAuthorityReference.getEncoded())); setPublicKey(publicKey); setCertificateHolderReference(new DERApplicationSpecific( EACTags.CARDHOLDER_NAME, certificateHolderReference.getEncoded())); setCertificateHolderAuthorization(certificateHolderAuthorization); try { setCertificateEffectiveDate(new DERApplicationSpecific( false, EACTags.APPLICATION_EFFECTIVE_DATE, new DEROctetString(certificateEffectiveDate.getEncoding()))); setCertificateExpirationDate(new DERApplicationSpecific( false, EACTags.APPLICATION_EXPIRATION_DATE, new DEROctetString(certificateExpirationDate.getEncoding()))); } catch (IOException e) { throw new IllegalArgumentException("unable to encode dates: " + e.getMessage()); } }
